CNNVD-202509-4106 Information

CNNVD ID

CNNVD-202509-4106

Related CVE

CVE-2025-11014

• CNNVD Published: 2025-09-26

Description (Chinese)

ogre是OGRECave开源的一个面向场景的3D引擎。 ogre 14.4.1及之前版本存在安全漏洞，该漏洞源于文件/ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp中STBIImageCodec::encode函数存在堆缓冲区溢出，可能导致本地攻击。

Description (English)

ogre is a 3D-oriented 3D engine for the Ogrecave Open Source. There is a security loophole in document/ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp in the STBIImageCodec:encode function, which can lead to local attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

OGRECave

Published

2025-09-26

Last Modified

2026-02-24

References

https://github.com/OGRECave/ogre/issues/3445 https://github.com/user-attachments/files/22326665/poc.zip https://vuldb.com/?ctiid.325957 https://vuldb.com/?id.325957 https://vuldb.com/?submit.654269 https://access.redhat.com/security/cve/cve-2025-11014